Security News US Health Dept warns hospitals of hackers targeting IT help desks

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,249
The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.

The sector alert issued by the Health Sector Cybersecurity Coordination Center (HC3) this week says these tactics have allowed attackers to gain access to targeted organizations' systems by enrolling their own multi-factor authentication (MFA) devices.

In these attacks, the threat actors use a local area code to call organizations pretending to be employees in the financial department and provide stolen ID verification details, including corporate ID and social security numbers.

Using this sensitive information and claiming their smartphone is broken, they convince the IT helpdesk to enroll a new device in MFA under the attacker's control.

This gives them access to corporate resources and allows them to redirect bank transactions in business email compromise attacks.

"The threat actor specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts," HC3 says [PDF].

"Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts."

"The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO)."

In such incidents, attackers may also use AI voice cloning tools to deceive targets, making it harder to verify identities remotely. This is now a very popular tactic, with 25% of people having experienced an AI voice impersonation scam or knowing someone who has, according to a recent global study.
 
F

ForgottenSeer 109138

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top